Your submission was sent successfully! Close

CVE-2018-15120

Published: 24 August 2018

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
pango1.0
Launchpad, Ubuntu, Debian
Upstream
Released (1.42.4-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.40.14-1ubuntu0.1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Other: https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f